This repository has been archived by the owner on Jun 29, 2022. It is now read-only.
baremetal: integrate automated (re-)provisioning logic #1502
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pothos
force-pushed
the
kai/bare-metal-reprovisioning
branch
3 times, most recently
from
745cdfd to
ba98bc5
Compare
pothos
force-pushed
the
kai/bare-metal-reprovisioning
branch
2 times, most recently
from
ff32e74 to
69a44ff
Compare
pothos
added a commit
to kinvolk/racker
that referenced
this pull request
Jun 18, 2021
TODO: switch to "master" once kinvolk/lokomotive#1502 is merged. Users should follow the update guides under when updating from Racker 0.1: https://github.com/kinvolk/lokomotive/releases/tag/v0.7.0 https://github.com/kinvolk/lokomotive/releases/tag/v0.8.0 and add `wipe_additional_disks = true` to their baremetal.lokocfg file.
The installer OS needs to be able to get its network configuration as CLC snippet if DHCP is not used. Add CLC snippets for the installer and migrate the matchbox-specific CLC template to the normal CLC template which is needed for CLC snippets. The request template variable is replaced by the actually used "mac" parameter.
The Ignition configuration currently gets written out only once to the OEM partition and any updates to it in the matchbox store are not propagated to the node's Ignition environment when Ignition is forced to run again. Use the Ignition kernel parameter to point the node's Ignition environment directly to matchbox where the userdata lies.
ipochi
previously approved these changes
Jun 22, 2021
pothos
force-pushed
the
kai/bare-metal-reprovisioning
branch
from
69a44ff to
3f11380
Compare
pothos
force-pushed
the
kai/bare-metal-reprovisioning
branch
from
3f11380 to
faba3ce
Compare
The bare-metal platform currently lacks any understanding of whether an instance is actually running the configuration that lokoctl put into matchbox, because, when the configuration was updated, there is no notification to the user that PXE booting has to be done again for this instance. Also, it is not clear to the user when to boot from PXE because the PXE boot must happen after lokoctl populated matchbox with the (new) configuration but before any other steps time out. The goal of this patch is to bring the baremetal platform to an actually usable level and support automated provisioning and reprovisioning, in a configurable way regardless if IPMI is used or VMs are created. In addition, we don't want to require a complicated PXE boot for each configuration update because it is slow, fragile and needs a special DHCP infrastructure which may be lacking in a production environment. Add user-defined commands in the "pxe_commands" variable to perform automated PXE provisioning at the right time, i.e. initally at the first run or when recreating a node. To address the problem that PXE booting is a long and maybe even manual process, or even impossible at production side, we can rely on Ignition to simulate reprovisioning by creating the "first_boot" flag file via SSH and issuing a reboot, which makes Ignition fetch the configuration from matchbox, and if we make sure to clean the root filesystem by formatting it, the result is the same as if reprovisioned was done with a PXE boot. The logic is achieved by a "null resource" in Terraform that executes a helper script which either does a PXE boot or uses SSH to trigger a reprovisioning with Ignition. It also handles the case of ignoring userdata changes for controller nodes to prevent losing etcd state. Since there is no notion of a baremetal node on the Terraform level (reminder: all this exercise here is done because we don't have a Terraform provider doing this for us) a local flag file is created under the asset directory on the machine which runs lokoctl. If it exists, the node was provisioned with PXE and SSH will be used for reprovisioning, if it does not exist, it will be provisioned with PXE during inital setup and for the next reprovisioning because the user forced recreating the node by deleting the flag file. Another flag file on the node is used to check whether a node was successfully reprovisioned. When SSH is used to reprovision, the kernel parameters for GRUB are updated directly because they are not part of the Ignition configuration. The "copy-controller-secrets" step is run after recreating a controller node, again since there is no notion of a node object this is solved by depending on the variables itself which define the node state. Also add user-defined commands in the "install_pre_reboot_cmds" variable to run after the PXE OS installation and before booting into the final OS, needed to set up persistent booting from disk after the PXE booting was configured in "pxe_commands". The whole patch is used by Racker (https://github.com/kinvolk/racker), and can be tested either with the "bootstrap/prepare.sh" script to create VMs with lokoctl or by running Racker in the QEMU IPMI simulator environment through the "racker-sim/ipmi-env.sh" script and a Racker Docker image built with "installer/conf.yaml" pointing to this Lokomotive branch.
pothos
force-pushed
the
kai/bare-metal-reprovisioning
branch
from
faba3ce to
bbb13a6
Compare
invidian
added
kind/enhancement
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
baremetal: introduce CLC snippets for the installer
The installer OS needs to be able to get its network configuration as
CLC snippet if DHCP is not used.
Add CLC snippets for the installer and migrate the matchbox-specific
CLC template to the normal CLC template which is needed for CLC
snippets. The request template variable is replaced by the actually
used "mac" parameter.
baremetal: use ignition.config.url kernel parameter
The Ignition configuration currently gets written out only once to the
OEM partition and any updates to it in the matchbox store are not
propagated to the node's Ignition environment when Ignition is forced
to run again.
Use the Ignition kernel parameter to point the node's Ignition
environment directly to matchbox where the userdata lies.
baremetal: integrate automated (re-)provisioning logic
The bare-metal platform currently lacks any understanding of whether an
instance is actually running the configuration that lokoctl put into
matchbox, because, when the configuration was updated, there is no
notification to the user that PXE booting has to be done again for this
instance.
Also, it is not clear to the user when to boot from PXE because the PXE
boot must happen after lokoctl populated matchbox with the (new)
configuration but before any other steps time out.
The goal of this patch is to bring the baremetal platform to an
actually usable level and support automated provisioning and
reprovisioning, in a configurable way regardless if IPMI is used or VMs
are created. In addition, we don't want to require a complicated PXE
boot for each configuration update because it is slow, fragile and
needs a special DHCP infrastructure which may be lacking in a
production environment.
Add user-defined commands in the "pxe_commands" variable to perform
automated PXE provisioning at the right time, i.e. initally at the
first run or when recreating a node.
To address the problem that PXE booting is a long and maybe even manual
process, or even impossible at production side, we can rely on Ignition
to simulate reprovisioning by creating the "first_boot" flag file via
SSH and issuing a reboot, which makes Ignition fetch the configuration
from matchbox, and if we make sure to clean the root filesystem by
formatting it, the result is the same as if reprovisioned was done with
a PXE boot.
The logic is achieved by a "null resource" in Terraform that executes a
helper script which either does a PXE boot or uses SSH to trigger a
reprovisioning with Ignition. It also handles the case of ignoring
userdata changes for controller nodes to prevent losing etcd state.
Since there is no notion of a baremetal node on the Terraform level
(reminder: all this exercise here is done because we don't have a
Terraform provider doing this for us) a local flag file is created
under the asset directory on the machine which runs lokoctl. If it
exists, the node was provisioned with PXE and SSH will be used for
reprovisioning, if it does not exist, it will be provisioned with PXE
during inital setup and for the next reprovisioning because the user
forced recreating the node by deleting the flag file.
Another flag file on the node is used to check whether a node was
successfully reprovisioned.
When SSH is used to reprovision, the kernel parameters for GRUB are
updated directly because they are not part of the Ignition
configuration.
The "copy-controller-secrets" step is run after recreating a controller
node, again since there is no notion of a node object this is solved by
depending on the variables itself which define the node state.
Also add user-defined commands in the "install_pre_reboot_cmds"
variable to run after the PXE OS installation and before booting into
the final OS, needed to set up persistent booting from disk after the
PXE booting was configured in "pxe_commands".
The whole patch is used by Racker (https://github.com/kinvolk/racker),
and can be tested either with the "bootstrap/prepare.sh" script to
create VMs with lokoctl or by running Racker in the QEMU IPMI simulator
environment through the "racker-sim/ipmi-env.sh" script and a Racker
Docker image built with "installer/conf.yaml" pointing to this
Lokomotive branch.